Today I will go through two rootkit packers I analyzed recently. The first is a TDL3 rootkit (SHA-1 654f4a3d02f7cc4b0442a5fee44419d948fa0048), detected 1/40 on VT (as of 12 Oct), which is consistent with its recent timestamp. A first pass shows some odd characteristics: 1. it contains multiple resources (which is weird for drivers, if you [...]